From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Julien Grall <julien.grall@linaro.org>, xen-devel@lists.xenproject.org
Cc: stefano.stabellini@citrix.com, tim@xen.org, ian.campbell@citrix.com
Subject: Re: [RFC 09/14] xen/xsm: flask: MSI is PCI specific
Date: Thu, 13 Mar 2014 10:34:00 -0400 [thread overview]
Message-ID: <5321C1D8.6080306@tycho.nsa.gov> (raw)
In-Reply-To: <1394640969-25583-10-git-send-email-julien.grall@linaro.org>
On 03/12/2014 12:16 PM, Julien Grall wrote:
> MSI is not yet support on ARM and will break the compilation when XSM_ENABLE=y.
>
> Signed-off-by: Julien Grall <julien.grall@linaro.org>
> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
I am assuming that IRQs on ARM are generally allocated in a static manner for
a given board, so that a security policy based on their numeric values would
be effective. If IRQs above nr_static_irqs are dynamic as on x86, it may be
necessary to resolve them in some way. Since this resolution would naturally
be split into a separate patch, in either case this patch is
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> ---
> xen/xsm/flask/hooks.c | 72 +++++++++++++++++++++++++++++++++++--------------
> 1 file changed, 52 insertions(+), 20 deletions(-)
>
> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> index 65343f3..56c7645 100644
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -19,7 +19,9 @@
> #include <xen/errno.h>
> #include <xen/guest_access.h>
> #include <xen/xenoprof.h>
> +#ifdef HAS_PCI
> #include <asm/msi.h>
> +#endif
> #include <public/xen.h>
> #include <public/physdev.h>
> #include <public/platform.h>
> @@ -100,7 +102,6 @@ static int domain_has_xen(struct domain *d, u32 perms)
>
> static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
> {
> - struct irq_desc *desc = irq_to_desc(irq);
> if ( irq >= nr_irqs || irq < 0 )
> return -EINVAL;
> if ( irq < nr_static_irqs ) {
> @@ -110,15 +111,21 @@ static int get_irq_sid(int irq, u32 *sid, struct avc_audit_data *ad)
> }
> return security_irq_sid(irq, sid);
> }
> - if ( desc->msi_desc && desc->msi_desc->dev ) {
> - struct pci_dev *dev = desc->msi_desc->dev;
> - u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
> - if (ad) {
> - AVC_AUDIT_DATA_INIT(ad, DEV);
> - ad->device = sbdf;
> +#ifdef HAS_PCI
> + {
> + struct irq_desc *desc = irq_to_desc(irq);
> + if ( desc->msi_desc && desc->msi_desc->dev ) {
> + struct pci_dev *dev = desc->msi_desc->dev;
> + u32 sbdf = (dev->seg << 16) | (dev->bus << 8) | dev->devfn;
> + if (ad) {
> + AVC_AUDIT_DATA_INIT(ad, DEV);
> + ad->device = sbdf;
> + }
> + return security_device_sid(sbdf, sid);
> }
> - return security_device_sid(sbdf, sid);
> }
> +#endif
> +
> if (ad) {
> AVC_AUDIT_DATA_INIT(ad, IRQ);
> ad->irq = irq;
> @@ -825,21 +832,34 @@ static int flask_map_domain_pirq (struct domain *d)
> return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__ADD);
> }
>
> +static int flask_map_domain_msi (struct domain *d, int irq, void *data,
> + u32 *sid, struct avc_audit_data *ad)
> +{
> +#ifdef HAS_PCI
> + struct msi_info *msi = data;
> +
> + u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
> + AVC_AUDIT_DATA_INIT(ad, DEV);
> + ad->device = machine_bdf;
> +
> + return security_device_sid(machine_bdf, sid);
> +#else
> + return -EINVAL;
> +#endif
> +}
> +
> static int flask_map_domain_irq (struct domain *d, int irq, void *data)
> {
> u32 sid, dsid;
> int rc = -EPERM;
> - struct msi_info *msi = data;
> struct avc_audit_data ad;
>
> - if ( irq >= nr_static_irqs && msi ) {
> - u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
> - AVC_AUDIT_DATA_INIT(&ad, DEV);
> - ad.device = machine_bdf;
> - rc = security_device_sid(machine_bdf, &sid);
> + if ( irq >= nr_static_irqs && data ) {
> + rc = flask_map_domain_msi(d, irq, data, &sid, &ad);
> } else {
> rc = get_irq_sid(irq, &sid, &ad);
> }
> +
> if ( rc )
> return rc;
>
> @@ -858,18 +878,30 @@ static int flask_unmap_domain_pirq (struct domain *d)
> return current_has_perm(d, SECCLASS_RESOURCE, RESOURCE__REMOVE);
> }
>
> +static int flask_unmap_domain_msi (struct domain *d, int irq, void *data,
> + u32 *sid, struct avc_audit_data *ad)
> +{
> +#ifdef HAS_PCI
> + struct msi_info *msi = data;
> + u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
> +
> + AVC_AUDIT_DATA_INIT(ad, DEV);
> + ad->device = machine_bdf;
> +
> + return security_device_sid(machine_bdf, sid);
> +#else
> + return -EINVAL;
> +#endif
> +}
> +
> static int flask_unmap_domain_irq (struct domain *d, int irq, void *data)
> {
> u32 sid;
> int rc = -EPERM;
> - struct msi_info *msi = data;
> struct avc_audit_data ad;
>
> - if ( irq >= nr_static_irqs && msi ) {
> - u32 machine_bdf = (msi->seg << 16) | (msi->bus << 8) | msi->devfn;
> - AVC_AUDIT_DATA_INIT(&ad, DEV);
> - ad.device = machine_bdf;
> - rc = security_device_sid(machine_bdf, &sid);
> + if ( irq >= nr_static_irqs && data ) {
> + rc = flask_unmap_domain_msi(d, irq, data, &sid, &ad);
> } else {
> rc = get_irq_sid(irq, &sid, &ad);
> }
>
--
Daniel De Graaf
National Security Agency
next prev parent reply other threads:[~2014-03-13 14:34 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-12 16:15 [RFC 00/14] xen/arm: Add support for XSM Julien Grall
2014-03-12 16:15 ` [RFC 01/14] xen/arm: kernel: Don't harcode flash address Julien Grall
2014-03-14 17:10 ` Ian Campbell
2014-03-14 17:44 ` Julien Grall
2014-03-12 16:15 ` [RFC 02/14] xen/arm: Remove the parameter "attrindx" in copy_paddr Julien Grall
2014-03-14 17:14 ` Ian Campbell
2014-03-14 18:02 ` Julien Grall
2014-03-17 10:13 ` Ian Campbell
2014-03-17 11:53 ` Julien Grall
2014-03-17 12:02 ` Ian Campbell
2014-03-12 16:15 ` [RFC 03/14] xen/arm: Correctly define size_t Julien Grall
2014-03-14 17:18 ` Ian Campbell
2014-03-12 16:15 ` [RFC 04/14] xen/arm: next_module: Skip module if the size is 0 Julien Grall
2014-03-14 17:19 ` Ian Campbell
2014-03-12 16:16 ` [RFC 05/14] xen/xsm: xsm functions for PCI passthrough is not x86 specific Julien Grall
2014-03-13 14:25 ` Daniel De Graaf
2014-03-14 17:20 ` Ian Campbell
2014-03-12 16:16 ` [RFC 06/14] xen/xsm: xsm_do_mca is " Julien Grall
2014-03-13 14:26 ` Daniel De Graaf
2014-03-14 17:21 ` Ian Campbell
2014-03-12 16:16 ` [RFC 07/14] xen/xsm: flask: Fix compilation when CONFIG_COMPAT=y Julien Grall
2014-03-13 14:26 ` Daniel De Graaf
2014-03-14 17:23 ` Ian Campbell
2014-03-14 18:08 ` Julien Grall
2014-03-17 7:22 ` Jan Beulich
2014-03-17 10:15 ` Ian Campbell
2014-03-17 11:57 ` Julien Grall
2014-03-12 16:16 ` [RFC 08/14] xen/xsm: flask: Rename variable "bool" in "b" Julien Grall
2014-03-12 16:26 ` Andrew Cooper
2014-03-13 13:17 ` Julien Grall
2014-03-13 13:57 ` Jan Beulich
2014-03-13 14:27 ` Daniel De Graaf
2014-03-14 17:24 ` Ian Campbell
2014-03-12 16:16 ` [RFC 09/14] xen/xsm: flask: MSI is PCI specific Julien Grall
2014-03-13 14:34 ` Daniel De Graaf [this message]
2014-03-13 14:40 ` Julien Grall
2014-03-14 17:25 ` Ian Campbell
2014-03-14 18:15 ` Julien Grall
2014-03-17 10:13 ` Ian Campbell
2014-03-17 12:05 ` Julien Grall
2014-03-12 16:16 ` [RFC 10/14] xen/xsm: flask: flask_copying_string is taking a XEN_GUEST_HANDLE as first param Julien Grall
2014-03-13 14:34 ` Daniel De Graaf
2014-03-14 17:26 ` Ian Campbell
2014-03-12 16:16 ` [RFC 11/14] xen/xsm: flask: Add missing header in hooks.c Julien Grall
2014-03-13 14:34 ` Daniel De Graaf
2014-03-14 17:26 ` Ian Campbell
2014-03-12 16:16 ` [RFC 12/14] xen/xsm: Don't use multiboot by default to initialize XSM Julien Grall
2014-03-12 16:52 ` Jan Beulich
2014-03-13 14:36 ` Daniel De Graaf
2014-03-14 17:27 ` Ian Campbell
2014-03-12 16:16 ` [RFC 13/14] xen/xsm: Add support for device tree Julien Grall
2014-03-13 14:47 ` Daniel De Graaf
2014-03-14 17:34 ` Ian Campbell
2014-03-14 18:24 ` Julien Grall
2014-03-17 10:15 ` Ian Campbell
2014-03-12 16:16 ` [RFC 14/14] xen/arm: Add support for XSM Julien Grall
2014-03-14 17:34 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5321C1D8.6080306@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=ian.campbell@citrix.com \
--cc=julien.grall@linaro.org \
--cc=stefano.stabellini@citrix.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.